Vulnerability in Haxx Curl
CVE-2005-0490
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, wh…
EPSS: 0.057 (92.1th percentile)
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Haxx Curl — versions 7.12.1
- Haxx Libcurl — versions 7.12.1
Frequently asked questions
- What is CVE-2005-0490?
  CVE-2005-0490 is a high-severity vulnerability in Haxx Curl, classified under Incorrect Calculation of Buffer Size. CVSS score: 8.8/10. Published 2005-05-02.
- How severe is CVE-2005-0490?
  High severity. The CVSS v3 base score is 8.8 out of 10.
- Is CVE-2005-0490 known to be exploited?
  1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.